
Another customer of troubled startup Delve suffered a big security incident

Why This Matters

The security incidents involving Delve's customers highlight a risk specific to startups in the compliance and security certification space: a certification is only as credible as the auditor behind it, and when that auditor's credibility is questioned, customers that relied on its attestations are left re-auditing. For the tech industry and consumers, this underscores the importance of rigorous vetting and transparency in security certifications, because a rubber-stamped certification offers no real protection for sensitive data.


The story of embattled compliance startup Delve keeps hitting twists and turns.

TechCrunch has confirmed that Delve was the compliance company that performed the security certifications for Context AI, the AI agent training startup that last week disclosed a security incident which led to a data breach at popular app and website hosting giant Vercel.

Separately, Lovable, which suffered its own security incident, is no longer a Delve customer.

To recap: Last month, Delve came under fire when an anonymous whistleblower alleged that the startup was faking customer data, and using rubber-stamping auditors in its compliance and certifications processes. Delve has denied those allegations.

Soon afterwards, hackers attacked one of Delve’s security certification customers, LiteLLM, and planted malware in its open source code. After the incident, LiteLLM told TechCrunch it was dumping Delve and getting re-certified.

Delve was also accused of taking an open source tool and passing it off as its own work without proper license attribution. As the startup's reputation grew shakier, Y Combinator, the accelerator from which Delve graduated, severed ties with it.

Fast forward to last weekend: Vercel said hackers had breached its internal systems and accessed some customer data. According to the company, the intrusion began after an employee downloaded an app made by Context AI and connected that app to Vercel's corporate account hosted by Google. The hackers then abused the access that employee's Google account granted to break into some of Vercel's internal systems.

After Context AI was named in the Vercel attack, Gergely Orosz, author of the engineering newsletter, The Pragmatic Engineer, said in a post on X that Delve was the company that handled Context AI’s security certification.

Context AI has now confirmed to TechCrunch that it did use Delve, but it has since ditched the startup and is in the process of getting re-certified.

“Yes, Context was previously a Delve customer,” a spokesperson for Context AI told TechCrunch. “Following the reporting surrounding Delve in March, we transitioned our compliance program to Vanta and engaged Insight Assurance, an independent audit firm, to conduct new examinations. As part of the re-examination, we began updating our public materials, and we’ll share the new attestation when it is complete,” the spokesperson added.
